Score:0

What Chromium Edge settings affect its ability to perform ClickOnce deployments from a LAN share on an ActiveDirectory network?

us flag
Tim

Chromium Edge (v92.xx -- the currently supported one as of this writing) is treating the ClickOnce setup.exe file on a LAN share as a "normal download" (intercepting it rather than executing it) even after Group Policy has been set to enable ClickOnce support in Edge. What are the Edge settings that need to be changed to support ClickOnce?

I suppose SmartScreen is involved, in particular the Allow List:

https://docs.microsoft.com/en-us/deployedge/microsoft-edge-policies#smartscreenallowlistdomains

Making these changes are not my responsibility (I'm on the Dev side of DevOps) and I have no permission to make them. But I will need to convince the network security team they're required. Having an upvoted answer here would be very helpful for that purpose.

EDIT: Here's how the publish.htm page address appears in the Edge address bar:

file://myservername/C$/apps/myappfolder/publish.htm

EDIT: Here are some relevant screen captures showing the behavior:

setupexe intercept by Edge Edge ActiveDirectory settings

Score:0
au flag

Could you please refer to https://docs.microsoft.com/en-us/deployedge/edge-learn-more-co-di and clarify what happens (that is: if anything is different from what you see described on that site)? As you can read, "ClickOnce and DirectInvoke are supported out of the box for all Windows users." - and that holds true here: without any modifications, I can run clickonce files in chromium edge 92.

More info: If I understand correctly, you would like to get rid of all warnings. ->in IE mode, chromium edge shows one warning less, so if you are interested, setup a sitelist to have that site where the clickonce files are hosted run in IEmode.

us flag
Tim
We are not getting the warnings described on that page. Rather, Edge is not invoking SETUP.EXE but is treating the SETUP.EXE as a normal file download, placing it in the Downloads folder if the user clicks on the ellipsis and tells Edge to "keep" the file.
us flag
Tim
I will post some screenshots.
us flag
Tim
I believe our networking consultants may have entered malformed values for the `ExemptDomainFileTypePairsFromFileTypeDownloadWarnings` registry setting. Looking into that now.
Bernd Schwanenmeister avatar
au flag
Please note that in case you are using Windows 10 21H1, there's a new directive from Microsoft in regards to blocking potentially unwanted programs: https://support.microsoft.com/en-us/windows/potentially-unwanted-apps-will-be-blocked-by-default-b9f53cb9-7f1e-40bb-8c6b-a17e0ab6289e
us flag
Tim
Thanks. Our network security team *believes* they have addressed that with `SmartScreenPuaEnabled` set to `0` in Edge policies. It's the last item in the registgry screencapture above.
Bernd Schwanenmeister avatar
au flag
Sorry for the late comment, I was in stress. You are right, that registry value should be the one. Please verify the same in the section "default settings (users can override), as well as the user policy. Registry Hive HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER Registry Path Software\Policies\Microsoft\Edge\Recommended Value Name SmartScreenPuaEnabled Value Type REG_DWORD Enabled Value 1 Disabled Value 0
mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.